
Ransomware Surges in First Half of 2016

  • Posted on: August 30, 2016
  • Posted in: Cybercrime, Ransomware, Security
  • Posted by: Jon Clay (Global Threat Communications)

Trend Micro has published its mid-year security roundup report, which covers the biggest threat stories and trends we observed in the first half of 2016. If you’ve been following the threat landscape, it is no surprise that ransomware was by far the biggest story, with many organizations around the world in the news after being affected by this threat.

We have been doing extensive research into this threat over the years and I want to dive a bit deeper into the most recent trends we’ve seen and how you can protect yourself and your organization from being a victim.

In my 20 years working in cybersecurity, I have not seen any specific threat be picked up and used as much as ransomware. In the first half of the year, we saw threat actors develop close to 80 new families of ransomware, which is a 172 percent increase from what we saw in all of 2015. We’re also seeing these cybercriminals adopt and adapt their creations to continually prevent organizations from detecting their malware. We are now even seeing Ransomware as a Service (RaaS) within the criminal undergrounds, making it even easier for threat actors of any level to deliver attacks. Why are we seeing such a marked increase in this activity? Because it seems to be working, but also because this is a threat that is very visible. Most threats try to stay under the radar and be invisible, but ransomware uses fear and very visual effects to entice the victim into paying the ransom demands. You will know you are infected with ransomware if it happens. If you are infected, we recommend contacting your local law enforcement or the IC3, as the most effective way to stop ransomware is to stop making it profitable and put the criminals behind it behind bars.

Below are some of the recent ransomware families we investigated and the different capabilities each has. You’ll notice, as mentioned above, that the actors behind these are trying many different techniques.

Ransomware Families

Note the different arrival techniques (infection vectors) and the different ransom amounts being served up to the victims. You can also see numerous different types of data being encrypted by the ransomware families. The encryption process is similar, as there are not a lot of different encryption technologies out there, and the criminals use the same methods used by the good guys. One thing we have seen is that the predominant infection vector is email, whether spam or phishing.

[Figure: figure-3-01]

But also notice that exploits and exploit kits are being used more often. In fact, we’ve seen that the actors behind most of the exploit kits are now serving up ransomware within their kits, again showing that ransomware is becoming the de facto threat used by many actors today.

One other trend we’ve seen with ransomware is who the threat actors are targeting. This was mostly a consumer-targeted threat in the past, but recently we’ve seen businesses being targeted predominantly by these actors. This is likely because a business is better able to pay the ransom than a consumer, but in many cases we’re also seeing much higher ransom demands against businesses in industries where any downtime is critical to them – i.e., healthcare, manufacturing.

We do expect ransomware to continue to be utilized by cybercriminals around the world for the foreseeable future as it has been effective and profitable for them so far. Besides law enforcement activity in curbing this threat, you and your organization can take steps to help prevent becoming a victim of ransomware.

The key is developing a broad strategy that includes the following:

Education about how this attack works. A good, short video explaining ransomware and basic security can be found here. Our ransomware definition page will give you a lot of information on what it is and the latest trends.

Implement a good backup strategy that includes a 3-2-1 model (3 backup copies on 2 different media with 1 backup in a separate location).

Develop a layered security approach that includes the following:

  1. Block the threat at its source using advanced email and web gateway solutions. At Trend Micro we are blocking more than 98 percent of ransomware affecting our customers at this layer, keeping this threat completely off of endpoint devices.
  2. Boost your endpoint security with purpose-built ransomware features to prevent ransomware from infecting the device. Trend Micro OfficeScan and Worry-Free Security solutions have been adding new features designed from our in-depth analysis of ransomware trends over the past two years.
  3. Add in a network defense layer that can identify and block ransomware-related behavior, including Command & Control communications.
  4. Ensure you’ve included server security, as recently we’ve seen threat actors targeting servers in their activities. Trend Micro Deep Security can provide protection for your critical servers, especially web servers, which are being targeted.
  5. Finally, make sure you have visibility and control across your security solutions to provide you immediate exposure when a threat has been discovered within your network.

While we cannot guarantee 100 percent detection of all ransomware, implementing the approach above can minimize your risk of becoming a victim. If, unfortunately, you do become infected, we have been developing a free tool to decrypt as many ransomware families as possible. Check it out to see if it can help. We have also provided a great landing page covering all aspects of ransomware to help further educate organizations large and small, as well as consumers. We hope it helps. Follow our Security Intelligence blog for the latest news on ransomware found out in the wild.
